package com.bbs.interceptor;

import java.io.IOException;
import java.lang.reflect.Method;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.bbs.comm.SessionContext;
import com.bbs.comm.SysConstant;
import com.bbs.dao.BaseDao;
import com.bbs.dao.PrivilegeDao;
import com.bbs.dao.impl.PrivilegeDaoImpl;
import com.bbs.model.Privilege;
import com.bbs.model.User;
import com.bbs.permission.Permission;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

public class TopicPrivilegeInterceptor extends BaseDao implements Interceptor {

	public TopicPrivilegeInterceptor() throws IOException {
		super();
		// TODO Auto-generated constructor stub
	}

	/**
	 */
	private static final long serialVersionUID = 1L;

	@Override
	public void destroy() {
		sqlSession.close();
	}

	@Override
	public void init() {

	}

	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		return invocation.invoke();
		/*User user = null;
		HttpServletRequest request = ServletActionContext.getRequest();
		HttpSession session = request.getSession();
		SessionContext sc = ((SessionContext) session
				.getAttribute(SysConstant.SESSION_CONTEXT));
		
		// 获取此次调用的方法名
		String  methodname = invocation.getProxy().getMethod();
		// 获取要调用的方法
		Method method = null;
		method=invocation.getAction().getClass().getDeclaredMethod(methodname, null);
		
		// 得到这个方法所要求的权限
		Permission permission = method.getAnnotation(Permission.class);
		if (permission == null) {
			permission = invocation.getAction().getClass().getAnnotation(Permission.class);
		}

		if (null != sc) {// 在项目重新启动的时候可能为空，只要登录就再一次为SessionContext赋值
			user = sc.getUser();
			String requstUrl = request.getRequestURI();
			logger.info(user.getUser_name() + "请求的URl：" + requstUrl);
			if (authenticate(requstUrl, user, request)) {
				return invocation.invoke();
			}
			if (permission != null) {
				Privilege privilege=new Privilege();
				privilege.setPriv_operate(permission.action());
				privilege.setPriv_obj_type(permission.resource());
				PrivilegeDao privilegeDao=new PrivilegeDaoImpl();
				
				if (privilegeDao.checkPrivilege(user,privilege)) {
					return invocation.invoke();
				}
			}

		}
		
		return "permissionDenied";*/
	}

	/**
	 * 在除了 验证权限：游客可以浏览，不能做任何改变数据库的操作 超级管理员：SA可以执行任何操作 只要登录就可以回复，发帖
	 * //肯定是有漏洞的，只要了解到怎么验证，肯定是可以绕过的
	 * 
	 * @param url
	 * @param user
	 * @param request
	 * @return
	 */
	/*public Boolean authenticate(String url, User user,
			HttpServletRequest request) {
		// 游客或超级管理员
		if (url.contains("read") || url.contains("get") || url.contains("list")
				|| user.getUser_role_id() == SysConstant.SA) {
			return true;
		}
		if (null == user.getUser_password()) {// 是否登录，之后的操作都需要登录: add update
												// delete
			return false;
		}
		int userId = user.getUser_id();
		String topicId;
		Privilege privilege = new Privilege();
		int ret;
		privilege.setPriv_executor_id(user.getUser_id());
		if (url.startsWith("/bbs/replyAction")) {// 只要登录就可以回复
			return true;
		} else if (url.startsWith("/bbs/topicAction")) {
			
			 * if(userId==topicId){//自己是作者 return true; }
			 * isModerator(userId,topicId);
			 
			authenticateOnTopic(url, user, request, privilege);
		} else if (url.startsWith("/bbs/UserAction")) {
			privilege.setPriv_obj_type("user");
			if (url.contains("addUserc")) {
				privilege.setPriv_operate("add");
			} else if (url.contains("updateUser")) {
				privilege.setPriv_operate("update");
			} else {
				privilege.setPriv_operate("del");
			}
		}
		
		 * ret=sqlSession.selectOne("com.bbs.model.Privilege.authenticate",privilege
		 * ); if(ret>0){ return true; }
		 
		return true;
	}

	// 在那条sql语句中的all体现是版主的,版主是对应板块的
	public void authenticateOnTopic(String url, User user,
			HttpServletRequest request, Privilege privilege) {
		privilege.setPriv_obj_type("topic");
		if (url.contains("addTopic")) {
			privilege.setPriv_operate("add");
		} else if (url.contains("updateTopic")) {
			privilege.setPriv_operate("update");
		} else {
			privilege.setPriv_operate("del");
		}
	}

	public void authenticateOnUser(String url, User user,
			HttpServletRequest request, Privilege privilege) {
		privilege.setPriv_obj_type("topic");
		if (url.contains("addTopic")) {
			privilege.setPriv_operate("add");
		} else if (url.contains("updateTopic")) {
			privilege.setPriv_operate("update");
		} else {
			privilege.setPriv_operate("del");
		}
	}

	public void authenticateOnSection(String url, User user,
			HttpServletRequest request, Privilege privilege) {
		privilege.setPriv_obj_type("section");
		if (url.contains("addSection")) {
			privilege.setPriv_operate("add");
		} else if (url.contains("updateSection")) {
			privilege.setPriv_operate("update");
		} else {
			privilege.setPriv_operate("del");
		}
	}*/

}
